On Sat, 2006-11-25 at 08:44 -0500, Mark Baker wrote: > On 11/25/06, Sanjiva Weerawarana <[EMAIL PROTECTED]> wrote: > > Well it shouldn't be .. if you don't need SOAP you don't need it. If all > > you need is to send some XML over HTTP or HTTPS then SOAP is not at all > > needed. SOAP should come into the picture IFF you need message level > > security, reliability or transactions or any of the other things that > > have been built on SOAP. If not why pay the price? > > What's interesting about this argument is an implicit assumption being > made; that if you had an existing HTTP/URI based Web API, but then > later found it needed "security, reliability, or transactions", that > you need to abandon the existing Web API and replace it with SOAP. > What about, oh, say, *adding* those ilities incrementally, within the > constraints of the existing API?
Hey great idea! OK now tell me, what exactly does one need to do to add message level security to HTTP? After I sign the message where do I put it so the recipient will always check that before touching the message? How about reliability? (Remember HTTP-R?) How about transactions? NOTE: We need interoperable standards with corresponding metadata (i.e., policies) for all of the above so that tools can work with them. Please tell me what standards in non-WS-* REST-land do these things. > > OK if its easy then let's see the criteria. RESTafarians say cookies are > > not RESTful etc.. How do you see a GET http://foo.com/xyz?a=b&y=10 and > > say whether its RESTful or not? > > As you would answer any question of that sort; by looking at the messages. ?? No way. Only the owner of the resource can say whether this GET is safe or not. How can you possibly say that by looking at the messages?! > > Wait, how do you advocate REST as an implementation technology for > > *service* oriented architecture when REST doesn't have the concept of > > services but rather has the concept of resources? > > Because virtually all services can be used as resources (usually more > than one resource per service though). So your proposal is to first make service, and then introduce resources in front of services to make it RESTful and then, voila!, you have a beautiful RESTful system? Um, why bother with that extra layer of complexity when the underlying guts are service oriented already? Sanjiva. -- Sanjiva Weerawarana, Ph.D. Founder & Director; Lanka Software Foundation; http://www.opensource.lk/ Founder, Chairman & CEO; WSO2, Inc.; http://www.wso2.com/ Director; Open Source Initiative; http://www.opensource.org/ Member; Apache Software Foundation; http://www.apache.org/ Visiting Lecturer; University of Moratuwa; http://www.cse.mrt.ac.lk/
